(02-09-2010 12:30 PM)Erra Wrote: (02-09-2010 11:00 AM)Ironguy Wrote: (02-08-2010 02:46 PM)Erra Wrote: If I could just find out how to make a proxy I'd care to pick it up, but I just can't seem to grasp the concept! :<
Reroute all incoming and outgoing traffic through your own code, do your changes, pass it on through. Much like a filter. That's a proxy.
Been forever since I looked into the code and what not, but yes I believe the sendpointer points to the win32send.
The socket jump on the other hand, if I remember this right from when I figured it out, is like this...
The socket is generated semi dynamically (maybe via some function? I can't really remember too clearly). In assembly, there is a jump over to some other part of code, where upon connection, the socket is generated and placed into some dynamically created variable. Then it jumps back to the connection/login code and connects on said generated socket.
We never really took much time to investigate where the socket came from. It may very well be generated by some key value upon client startup. Or any other number of methods. I really can't remember enough to theorize accurately on its source. The main thing was though, finding a way to know this socket so that one could use its (the only connection) connection to send packets to the server. This method that Farsa and I discovered (I did the investigation and figured the method out, he coded it) works for finding that dynamic socket. That jump is the jump that goes to the place where the socket is stored. Intercept the storing of the socket into your own variable, use the socket to send your packets.
Okay, I kind of know how to do it, I almost made a proxy in VB6 (lol!), but it's still only changing the IP address it connects to? Or is it encrypted these days?
If it's not, then I suppose I should try making a proxy :o
Though I'm not very good with proxies in C#, but maybe I could get a better understanding by reading the code, I dunno xD
Sorry, it's been a long time since I've looked at zezenia, I have no idea if they have repacked or encrypted the data in the client or the packets in any way. Pretty much you could approach it in several ways. Hex the client or simply overwrite the address it connects to. Making it connect, essentially to your own server (proxy), the server then processes the packets and sends them on through to the game server. The game server processes those packets, returns a response back to your proxy server, the proxy server processes, then returns those to the hack'd game client. That's the process.
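The relay that Ironguy describes above (client connects to your proxy, the proxy forwards to the real server, replies come back the same way, and every chunk passes through your own code like a filter) is the same thing an intercepting proxy does when you audit what a client actually puts on the wire. The following is an added example, not code from this thread or from any game client. It assumes a plain, unencrypted TCP stream, and it stands up a constructed fake "game server" on localhost that simply acknowledges what it receives, so the whole exchange runs offline. The `hook` callback is where the "do your changes" step lives; here it only logs each chunk and its direction.

```python
import socket
import threading


def pump(src, dst, hook, direction):
    """Copy bytes from src to dst, passing each chunk through hook().

    hook(direction, data) returns the bytes to forward; returning b"" drops
    the chunk. direction is "c2s" (client -> server) or "s2c" (server -> client).
    """
    try:
        while True:
            data = src.recv(4096)
            if not data:            # peer closed its side: propagate the EOF
                break
            data = hook(direction, data)
            if data:
                dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_proxy(upstream_addr, hook):
    """Listen on an ephemeral localhost port; relay every client to upstream_addr.

    Returns (listen_port, listening_socket). Each accepted client gets its own
    upstream connection and two pump threads, one per direction.
    """
    ls = socket.socket()
    ls.bind(("127.0.0.1", 0))
    ls.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = ls.accept()
            except OSError:         # listener closed: stop accepting
                return
            upstream = socket.create_connection(upstream_addr)
            threading.Thread(target=pump, args=(client, upstream, hook, "c2s"),
                             daemon=True).start()
            threading.Thread(target=pump, args=(upstream, client, hook, "s2c"),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return ls.getsockname()[1], ls


def start_fake_server():
    """Constructed stand-in for the game server: replies b'ACK:' + whatever it got."""
    ls = socket.socket()
    ls.bind(("127.0.0.1", 0))
    ls.listen(5)

    def handle(conn):
        with conn:
            while True:
                d = conn.recv(4096)
                if not d:
                    break
                conn.sendall(b"ACK:" + d)

    def serve():
        while True:
            try:
                conn, _ = ls.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return ls.getsockname()[1], ls


def demo():
    """Run one client request through the proxy; return (reply, intercepted chunks)."""
    seen = []

    def logging_hook(direction, data):
        seen.append((direction, data))   # this is where a filter would inspect/alter
        return data                      # pass through unchanged

    srv_port, srv_ls = start_fake_server()
    px_port, px_ls = start_proxy(("127.0.0.1", srv_port), logging_hook)
    with socket.create_connection(("127.0.0.1", px_port)) as c:
        c.settimeout(5)
        c.sendall(b"LOGIN user")         # constructed sample packet
        reply = c.recv(4096)
    srv_ls.close()
    px_ls.close()
    return reply, seen


if __name__ == "__main__":
    reply, seen = demo()
    print(reply)
    for direction, chunk in seen:
        print(direction, chunk)
```

Pointing a real client at this is the "overwrite the address it connects to" step from the post: whatever the client was told is the server becomes `127.0.0.1:<proxy port>`, and `upstream_addr` is the original server. If the client pins or encrypts its transport, the hook sees only opaque bytes, which is exactly what a defender wants such a relay to confirm.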